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(57) Abstract: An operating system may be stored in a reprogrammable memory (14). The memory (14) may store a primary 
Q operating system (22) and recovery operating system (20). The recovery operating system (20) may automatically obtain a new 
^ operating system to replace a corrupted or outdated operating system. In some embodiments, this avoids the need to call upon the 
^ user to load the new operating system through a disk drive and to undertake a time consuming installation procedure. 



WO 01/09722 



PCT/US00/17595 



-1 - 

Re-Loading Operating Systems 

Background 

This invention relates generally to operating systems used to control computer 
systems. 

The basic input/output system (BIOS) is a set of software routines that test hardware 
setup, start the operating system, and support the transfer of data among hardware devices. 
BIOS is stored in a memory so that it can be executed when the computer is turned on. The 
BIOS uses the CMOS setup utility, accessible at boot time, for setting up certain system 
options such as the date and time, the kind of drives and the port configuration. 

When the microprocessor is turned on or reset, it begins at a special memory location 
near the top of a real mode addressing range. This location holds a special program 
instruction called the boot code-a jump vector that points to another address where the BIOS 
code actually begins. The BIOS instructs the microprocessor to run through all the known 
components of the system and to determine whether they are operating properly. The 
microprocessor then begins the actual boot-up process. The BIOS code instructs the 
microprocessor to jump to a section of code to read the first sector of the storage medium 
such as a hard disk drive that contains start-up information. The program code then takes 
over from the BIOS and instructs the microprocessor how to load the operating system, 
usually from a hard disk drive, to start the computer. 

An operating system is software that controls the allocation and usage of hardware 
resources such as memory, central processing unit time and peripheral devices. Some well 
known operating systems include the Windows® 98, Windows® CE, Windows® NT, MAC 
OS, UNIX, LINUX and BE operating systems. 

With any operating system, problems may arise. During the boot process, it may be 
determined that the operating system, as stored, is corrupted. In such cases, it is normally 
necessary to undertake a time consuming procedure to re-load the operating system from a 
disk provided by the computer system manufacturer. 

In addition, the operating system provider may provide fixes or improvements 
collectively termed "updates" herein. Periodically, updates become available. Normally, 
these updates may be acquired for download or for reading from a disk from the operating 
system provider. 
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Thus, there is a continuing need for better ways to re-load an operating system due to 
operating system corruption or the availability of updates. 

Summary 

In accordance with one aspect, a method of recovering a primary operating system 
responsible for operating a processor-based device, includes providing a recovery operating 
system for the device. The device is operated using the recovery operating system when it is 
desired to recover the primary operating system. Primary operating system code is obtained 
for recovering the primary operating system using the recovery operating system. 

Brief Descri ption of the Drawings 

Fig. 1 is a schematic depiction of a client/server system in accordance with one 
embodiment of the present invention; 

Fig. 2 is a depiction of the memory architecture of the storage device shown in Fig. 1 ; 

Fig. 3 is a depiction of a memory architecture of a BIOS and recovery operating 
system used in the system shown in Fig. 2; 

Fig. 4 is a flow chart for implementing software for re-loading operating systems in 
accordance with one embodiment of the present invention; 

Fig. 5 is a depiction of a memory architecture for the primary operating system shown 
in Fig. 2; 

Fig. 6 is a hardware implementation of the client shown in Fig. 1 ; and 
Fig. 7 is a flow chart illustrating the operation of the FLAT shown in Fig. 5. 

Detailed Description 

A client/server computer system 10, shown in Fig. 1, may include one or more servers 
18 that may be coupled over a network 16 to one or more clients 12. Each client 12 may 
have a storage device 14. The client 12 may be a processor-based system such as a desktop 
computer system, a handheld computer system, a processor-based television system, a set top 
box, an appliance, a thin client, a cellular telephone, or the like. The network 16 may be any 
of a variety of networks including a local area network (LAN), a metropolitan area network 
(MAN), a wide area network (WAN), a wireless network, a home network or an internetwork 
such as the Internet. 
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In the system 10, the client 12 may permanently store its operating system on a re- 
programmable storage device 14. The storage device 14 may conventionally be a hard disk 
drive or a FLASH memory. When the operating system is corrupted or needs updating, the 
client 10 can access the network 16 and the server 18 in order to obtain an uncorrupted or 
updated operating system and automatically re-load the new operating system onto the 
storage device 14. 

The storage device 14 may be electrically reprogrammed. The storage device 14 may 
also act as the BIOS memory for the client 12 in one embodiment of the invention. While 
conventionally the BIOS memory is a read only memory (ROM), by using a re- 
programmable memory, the operating system as well as the BIOS code may be updated or 
replaced when corrupted, as will be explained hereinafter. In other embodiments a 
conventional BIOS ROM may be used in addition to the storage device 14. 

A variety of FLASH memories are available for implementing the storage device 14, 
such as Intel's "StrataFlash" brand memory. One advantageous memory is the 28F640J5 
eight megabyte FLASH array available from Intel Corporation. This memory includes a 
plurality of 128 kilobyte blocks. Each block may be data protected so that it may not be 
erased or overwritten. In other words, data protection may be selectively applied to one or 
more of a plurality of blocks in the memory. 

The BIOS may be stored in one or more data protected blocks in the FLASH memory. 
Likewise, the recovery operating system may be stored in one or more blocks that are also 
data protected. In one embodiment, the BIOS may be stored in two 128 kilobyte blocks and 
the recovery operating system may use two 128 kilobyte blocks. The remainder of the 
memory may be utilized to store the primary operating system and a file system. Additional 
information about FLASH memories may be found in the "FLASH Memory" Databooks, 
January 1998, Order No. 2108830-017 available from Intel Corporation, Santa Clara, 
California. 

Referring now to Fig. 2, the memory architecture of the storage device 14 may 
include addressable locations for a BIOS and recovery operating system 20 and a primary 
operating system 22. The primary operating system may be an open operating system such as 
Microsoft Windows® 98 or CE, Linux, or the Be operating systems, as examples. The 
primary operating system may also be a real time operating system (RTOS) such as the 
PalmOS. The BIOS and recovery operating system 20 operates in cases where the primary 
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operating system 22 is corrupted or needs updating. The recovery operating system 20 may 
be an operating system of a reduced size which includes basic, essential BIOS functions and 
the limited software needed to obtain a new primary operating system. Thus, as used herein a 
"recovery operating system" is an operating system that is responsible for updating and/or 
obtaining a replacement for a primary operating system. 

Referring to Fig. 3, in one embodiment of the invention, the recovery operating 
system 20 includes a kernel 26, a network interface controller (NIC) drivers 30 and a network 
stack 28. The kernel 26 is the core of the recovery operating system 20. The stack 28, for 
example, may include the User Datagram Protocol/Internet Protocol (UDP/IP), Trivial File 
Transfer Protocol (TFTP), Dynamic Host Control Protocol (DHCP), Address Resolution 
Protocol (ARP) and the boot strap protocol (BOOTP). (These protocols may be found at 
www.ietf.org/rfc.html.) The recovery operating system 20 may also include the operating 
system recovery and update application software 24. A FLASH driver 34 and BIOS services 
35 may also be included. The FLASH driver is used to write a new primary operating system 
to the FLASH memory, where a FLASH memory is used as the storage device 14. The 
hardware interface 36 interfaces the software layers with a hardware motherboard. 

Ideally, the recovery operating system 22 may be stripped down as much as possible 
to conserve memory. If possible, the kernel 26 may be reduced to only that code which is 
necessary to implement its recovery and update functions. One kernel which is particularly 
applicable is the LINUX kernel. The LINUX kernel includes an X-based kernel 
configuration utility called make xconfig. This utility provides a graphical user interface to 
facilitate selecting the elements of the kernel and the operating system. That is, the LINUX 
operating system allows the user to answer a series of questions, posed through a graphical 
user interface, indicating whether particular functionalities are desired. The code for de- 
selected functionalities may then be excluded. As a result, a relatively trimmed down 
operating system may be readily developed, without access to object code. 

In the case of some software errors or crashes, the system may reboot, thereby 
resolving the error. A watchdog timer in the CMOS memory keeps a count of unsuccessful 
attempted reboots. If that number exceeds a threshold level (e.g. three), the recovery 
operating system may be invoked. When the system attempts to reboot, it checks the CMOS 
memory re-boot count and automatically boots the recovery operating system if the re-boot 
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count threshold is exceeded. The recovery operating system 20 is started so that a new 
version of the primary operating system image may be fetched. 

The recovery operating system 20 may also acquire operating system updates. This 
may be done in a number of ways. In one embodiment, the user may request an update, 
5 thereby setting a separate update bit in the CMOS memory. In another embodiment, an 
operating system provider may broadcast a message to its users indicating that an update is 
available. The user systems that receive the message may have their update bit automatically 
set in CMOS memory. On the next attempted boot, the recovery operating system is booted 
to automatically acquire the update. 

10 Alternatively, the recovery and update application software 24 may be configured so 

that the update is automatically acquired at a predicted low usage time. For example, if the 
system detects that the update bit is set, indicating an update is desired, the system may wait 
until the middle of the night to automatically download the update. 

The recovery operating system in turn may communicate through the network 

15 interface controller and the network 16 to fetch a new version of the primary operating 
system image. This may be done by accessing another device in the same network or in 
another example, accessing the desired operating system over the Internet. 

After the new operating system has been checked in system memory and loaded into 
the memory 14, the system is rebooted. When the system reboots the primary operating 

20 system, the primary operating system resets the update bit in CMOS memory. 

In some cases when booting is attempted, an analysis of the stored operating system 
may determine that the operating system is corrupted. For example, during booting a 
checksum analysis may be undertaken. If the stored operating system is corrupted, a 
recovery bit may be set in the CMOS memory and the boot aborted. The next time a boot is 

25 attempted, the recovery bit is identified, and the system boots to the recovery operating 
system. 

Referring now to Fig. 4, recovery and update application software 24 begins by 
checking the storage device 14 as indicated in diamond 40. Upon power up, after going 
through the power on self test (POST), the start-up code checks the primary operating system 
30 image in the memory 14 for checksum errors. If there is an error, the system boots the 

recovery operating system 20 and launches the recovery application. An error code may arise 
because the operating system image is corrupted or one of the recovery or update flags are 
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set The recovery flag may be set, for example, because of a defect in the operating system. 
The update flags may be set, for example, because a time period has elapsed for an old 
primary operating system or because the user has indicated a desire to obtain an upgrade. 
Thus, after applying the checksum as indicated in block 42, the primary operating system is 
booted as indicated in block 44 if the checksum indicates a valid operating system. 
Otherwise, the recovery operating system is booted as indicated in block 46. 

During the boot routine, start-up code which is part of the BIOS, sets the recovery bit 
in the CMOS memory if appropriate. The start-up code may also include the code for 
counting the number of times a reboot has been attempted and for storing information about 
the number of attempted reboots. 

The application 24 may initiate a request over the network to the server 18 for an 
operating system download (block 48), in one embodiment of the present invention. Once 
the new image is downloaded, it is written to the storage device 14. The recovery bit is then 
cleared, as indicated in block 50, and the system reboots as indicated in block 52. The next 
time through, the system boots into the primary operating system and performs it usual 
functions. 

The memory architecture of a portion of the storage device 14 storing the primary 
operating system 22, shown in Fig. 5, has, at the lowest memory address, a checksum or 
cyclic redundancy check (CRC) field 96. Above the checksum field 96 is a field 98 which 
indicates the number of entries in a FLASH allocation table (FLAT) 100. The FLASH 
allocation table partitions the FLASH memory portion 22 and allows multiple code and data 
images to be stored in the storage device 14. This in turn allows multiple boot loaders to 
exist within the FLASH memory for booting different operating system images. At boot 
time, the BIOS selects which boot loader to load and execute based on the status of the 
recovery bit, as described above. 

The boot loader 102 for loading the primary operating system is stored above the 
FLASH allocation table 100. Above the boot loader 102 is the kernel 104 or core of the 
primary operating system. The primary operating system kernel may be the same or different 
from the kernel utilized by the recovery operating system. For example, while LINUX may 
be used for the recovery operating system, Windows® CE could be used in one embodiment 
for the primary operating system. 
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Above the kernel 104 is a file system 106. The FLASH allocation table 100 includes 
one entry for each item stored in the FLASH memory portion 22 including the items stored in 
the file system 106. The file system 106 includes files, directories and information used to 
locate and access operating system files and directories. 
5 Each item contained in the FLASH allocation table includes information about the 

software version, the flags, the data offsets, the length of the data and its load address. The 
version number just keeps track of which version of software was loaded in a particular 
memory 14. The data offset determines where, in the FLASH memory, an entry is located. 
The flag field has information about the nature of the respective entries. The least 

10 significant bit of the flag field includes information about the status of the cyclic recovery 
check (CRC). This in effect tells the BIOS whether a CRC must be calculated. The next 
most significant bit includes the block type. The block types include "boot" which indicates 
a boot loader, "kernel" or "file system". If the block type is boot loader, this flag field tells 
where, in random access memory, to load the boot loader out of the FLASH memory. An 

15 additional area in the flag field may be reserved for other information. A boot loader or 

bootstrap loader loads and passes control to another loader program which loads an operating 
system. 

While the present invention may be used in connection with a variety of processor- 
based systems, an application which uses a set top computer system is illustrated in Fig. 6. A 

20 set top computer systems works with a television receiver. The client 12 may include a 
processor 65 coupled to an accelerated graphic board (AGP) chipset 66. The Accelerated 
Graphic Port Specification, Rev. 2.0 is available from Intel Corporation of Santa Clara, 
California. The chipset 66 may be coupled to system memory 68 in the accelerated graphics 
port bus 70. The bus 70 in turn may be coupled to a graphic accelerator 72, also coupled to a 

25 video or television receiver 73. 

A portion 75 of system memory 68, called the CMOS memory, may be implemented 
by a memory integrated circuit which is adapted to save system data. Conventionally, the 
CMOS includes the real time clock (RTC), which keeps the time of day. The recovery and 
update bits are stored in the CMOS memory at predefined locations. 

30 The chipset 66 may also be coupled to a bus 74 that receives a television tuner/capture 

card 76. The card 76 may be coupled to a television antenna 78 which may also be a satellite 
antenna or a cable connection as additional examples. An interface to a network 16, such as a 
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modem interface connection to the Internet or a network interface controller connection to a 
computer network may also be provided. 

A bridge 80 may in turn be coupled to another bus 84 which supports a serial 
input/output interface 86 and a memory interface 94. The interface 86 may be coupled to a 
5 modem 88 or a keyboard 92. The interface 94 may couple the FLASH memory 14 storing 
the recovery operating system and BIOS 20 and the primary operating system 22. The bridge 
80 may be the 8237 1AB PCI ISA IDE Xcelerator (PIIX4) chipset available from Intel 
Corporation. Thus, it may include a general purpose input/output pins (GP[I,OJ). 

With the number of chipsets used to implement computer systems, the chipset may be 

10 set up so that it sees only a certain number of lines of BIOS at any one time. In embodiments 
in which the primary operating system and the recovery operating system are stored in 
FLASH memory, they may be accessed in the same way as the BIOS memory is accessed. 
Thus, since the FLASH memory that is accessed is considerably larger than a BIOS memory, 
it may be desirable to use other techniques to allow accessing all of the memory stored in the 

15 FLASH. One technique for doing this in processors from Intel Corporation is to use the 
GP[I,0] pins, for example on the PIIX4 device. These pins can be coupled to the pins 
responsible for developing the signals reading the BIOS. By providing appropriate GP[I,0] 
signals, FLASH memory reading may be bank switched to sequentially read the entire 
memory. 

20 Turning now to Fig. 7, in accordance with one embodiment, software that uses the 

FLAT to allow multiple code and data images to be stored in FLASH memory, begins on 
power up or system reset with the BIOS executing and performing system initialization and 
Power on Self Test activities (block 110). The contents of the FLASH memory may be 
validated by checking the CRC stored at field 96 in the FLASH memory, as indicated in 

25 block 112. At this point, the BIOS selects the boot loader (block 1 14) to execute by scanning 
the FLAT and selecting the entry marked as the boot loader. The boot loader then uses the 
FLAT to find where in the FLASH memory the primary operating system is located (block 
116), loads the operating system at the appropriate address in system memory (block 1 1 8) 
and starts its execution (block 120). 

30 In some embodiments the BIOS may continue to be independent from the operating 

system. The operating system dependencies can reside in the boot loader. The boot loader 
allows a conventional computer operating system to reside in FLASH memory. 
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While the present invention has been illustrated in connection with an embodiment 
wherein the primary operating system and the recovery operating system are stored in a 
storage device such as a FLASH memory, other re-programmable storage devices may be 
utilized as well. In the case of FLASH memory, given current economies, the memory is 

5 relatively expensive and mirroring is generally not used. Thus, the use of the recovery 
operating system in connection with FLASH memories is particularly advantageous. 

However, the present invention may be utilized in connection with other 
configurations. For example, in systems that store the primary operating system in a hard 
disk drive, the recovery operating system may also be included on the hard disk drive. The 

10 BIOS may continue to be stored in a BIOS ROM in such cases, if desired. 

Alternatively, the recovery operating system may actually be provided on an external 
or removable memory, such as a compact disc ROM (CD-ROM). When necessary, the user 
may simply load the CD-ROM into a CD-player. A processor executes the recovery 
operating system off of the CD-ROM, and then uses the recovery and update application 

15 software to update and replace the primary operating system. This approach offers 

advantages over providing the full operating system in disk form since the use of a compact 
recovery operating system facilitates updates. That is, the compact recovery system may be 
quickly loaded and used to acquire updates. Otherwise, a full operating system would need 
to be provided in disk form to each user, for each update, so that the user can then acquire the 

20 updates. 

In addition, while the present invention has been described with respect to a 
client/server environment, the present invention is available to a variety of other 
environments. For example, the present invention may be implemented on a server in a 
client/server environment. In addition, it is applicable to stand-alone computer systems 

25 including processor-based systems that are battery powered. For example, in connection with 
hand-held computer systems, the present invention may provide an update or replacement 
functionality using available wired or wireless communication links. In a system which may 
be temporarily hard wire linked to a desktop computer, such as a PalmPilot personal digital 
assistant, the recovery operating system may communicate with the desktop to obtain a new 

30 operating system. Similarly, upgrades may be obtained using a variety of wireless 

communication links including radio and cellular telephone links. Moreover, in systems 
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which are linked through cable or satellite broadcast systems, new operating systems may be 
achieved using these communication links as well. 

In connection with custom operating systems, it may be necessary to go to a specific 
remote location in order to update or replace the operating system. However, in connection 
5 with non-custom operating systems, a variety of sites within the user's extended computer 
system, accessible over the Internet or over a variety of communication links, may be utilized 
to acquire such replacements. In addition, a plurality of such sites may be preprogrammed 
into the recovery operating system application software so that if the system is unsuccessful 
in acquiring the needed replacement at one location, it can query a plurality of other 
10 locations. 

In some cases, the recovery application software can not be programmed with 
information about additional locations which contain future updates. However, when an 
operating system provider broadcasts information about updates, that broadcast may also 
include information about how to automatically acquire the desired updates. This 
1 5 information may then be used by the recovery application software. 

In some embodiments, the system user is oblivious to the operation of the recovery 
operating system. The recovery operating system works in the background making the 
primary operating system to appear to the user to be more robust. 

While the present invention has been described with respect to a limited number of 
20 embodiments, those skilled in the art will appreciate numerous modifications and variations 
therefrom. It is intended that the appended claims cover all such modifications and variations 
as fall within the true spirit and scope of this present invention. 
What is claimed is: 
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1 LA method of recovering a primary operating system responsible for operating 

2 a processor-based device, said method comprising: 

3 providing a recovery operating system for said device; 

4 operating said device using said recovery operating system when it is desired 

5 to recover the primary operating system; and 

6 obtaining primary operating system code for recovering said primary 

7 operating system using said recovery operating system. 

1 2. The method of claim 1 wherein providing a recovery operating system 

2 includes providing a recovery operating system on a removable storage media. 

1 3. The method of claim 1 wherein providing a recovery operating system 

2 includes providing a recovery operating system on the same storage media which stores said 

3 primary operating system. 

1 4. The method of claim 1 wherein providing a recovery operating system 

2 includes providing a recovery operating system on a FLASH memory. 

1 5. The method of claim 1 wherein providing a recovery operating system 

2 includes providing a recovery operating system of smaller size than said primary operating 

3 system. 

1 6. The method of claim 5 wherein providing a recovery operating system 

2 includes using a graphical user interface to select which components will be included in the 

3 recovery operating system. 



1 

2 
3 



7. The method of claim 1 wherein providing a recovery operating system 
includes providing a recovery operating system on the same memory which stores a basic 
input/output system. 
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1 8. The method of claim 1 wherein providing a recovery operating system 

2 includes providing software for enabling said recovery operating system to access an external 

3 server over a network to obtain said operating system code. 

1 9. The method of claim 1 further including checking for a flag to determine 

2 whether to boot said recovery operating system or said primary operating system. 

1 10. The method of claim 1 including applying an error detecting algorithm to said 

2 primary operating system to determine whether to boot said recovery operating system or 

3 said primary operating system. 

1 11. The method of claim 1 including providing a bit in CMOS memory which is 

2 responsible for indicating whether to boot the primary operating system or the recovery 

3 operating system. 

1 12. The method of claim 1 wherein operating said device using said recovery 

2 operating system includes operating said device using said recovery operating system when it 

3 is desired to update the primary operating system. 

1 13. The method of claim 1 further including detecting that the primary operating 

2 system is corrupted and wherein operating said device using said recovery operating system 

3 includes booting said recovery operating system when it is determined that said primary 

4 operating system is corrupted. 

1 14. The method of claim 1 wherein obtaining operating system code includes 

2 accessing a network coupled to said device to obtain said code. 

1 15. The method of claim 1 wherein obtaining operating system code includes 

2 accessing a remote server over a wireless network. 



1 16. An article comprising a medium storing instructions adapted to cause a 

2 processor-based system to: 
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3 operate a processor-based device using a primary operating system; 

4 operate said device using said recovery operating system when it is desired to 

5 recover the primary operating system; and 

6 obtain primary operating system code for recovering said primary operating 

7 system using said recovery operating system. 



1 17. The article of claim 16 further storing instructions that cause a processor- 

2 based system to enable said recovery operating system to access an external server over a 

3 network to obtain said operating system code. 

1 18. The article of claim 1 6 further storing instructions that cause a processor- 

2 based system to use said recovery operating system to obtain an update of the primary 

3 operating system. 



1 19. The article of claim 1 6 further storing instructions that cause a processor- 

2 based system to detect that the primary operating system is corrupted and automatically boots 

3 said recovery operating system. 

1 20. A processor-based system comprising: 

2 a microprocessor; and 

3 a reprogrammable memory coupled to said microprocessor, said 

4 reprogrammable memory storing a primary operating system and a recovery operating system 

5 adapted to obtain a new operating system from outside said processor-based system. 
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